Microsoft has retained the right to keep private messages stored on a mail server in Ireland, which the US government wanted for a drug investigation. The decision by a US appeals court is seen as having a major flow on effect on data security throughout the US technology industry.

Last week’s ruling overturns a 2014 decision judgement that Microsoft must hand over messages of a suspected drug trafficker. The company argued that would create a “global free-for-all” with foreign countries forcing companies to turn over evidence stored in the US.

The government said a ruling in favour of Microsoft would create legal loophole to be exploited by fraudsters, hackers and drug traffickers.

The law doesn’t “authorise courts to issue and enforce against US-based service providers warrants for the seizure of customer e-mail content that is stored exclusively on foreign servers,” U.S. Circuit Judge Susan Carney wrote for the majority of the New York appeals court. The government is considering its options, Peter Carr, a spokesman for the US Department of Justice, said in a statement.

“Lawfully accessing information stored by American providers outside the United States quickly enough to act on evolving criminal or national security threats that impact public safety is crucial to fulfilling our mission to protect citizens and obtain justice for victims of crime,” Carr said.

Writing on the company blog site, Brad Smith, Microsoft’s President and Chief Legal Officer, said, “The decision is important for three reasons: it ensures that people’s privacy rights are protected by the laws of their own countries; it helps ensure that the legal protections of the physical world apply in the digital domain; and it paves the way for better solutions to address both privacy and law enforcement needs.

“… It makes clear that the U.S. Congress did not give the U.S. government the authority to use search warrants unilaterally to reach beyond U.S. borders. As a global company we’ve long recognized that if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country.”